Kaspersky researchers have uncovered a surge in scam emails where attackers impersonate major airlines and airports, including Amsterdam Schiphol, Lufthansa, Emirates Airlines, Qatar Airways, Etihad Airways and others, to trick businesses into engaging in fraudulent supplier and partnership communication. The goal of this scheme is to steal funds from the targeted organisations. 

Since the beginning of September, Kaspersky solutions have detected and blocked thousands of scam emails of this type globally, and the volume of this type of fraud has increased compared to the previous months.

Example of a scam email sent by the attackers
These fraudulent emails typically claim to come from the procurement departments of leading airlines, announcing new projects and looking for suppliers or contractors. Once the recipient responds, attackers send a series of fake documents, such as supplier registration forms and non-disclosure agreements, to appear credible. Targeted organisations are also asked to pay the “Mandatory Refundable Expression of Interest Deposit” of several thousand USD, indicating that its purpose is “to secure a priority slot in the partnership timeline” and that it will be refunded once the “partnership” is established.

“Scammers are actively mimicking legitimate business communications. By impersonating world-famous airlines, they exploit both the brand trust and the business aspirations of their targets. Since the documents shared in these schemes are not malicious, but simply forged, they can easily bypass basic security checks and seem believable to the untrained eye,” said Anna Lazaricheva, Senior Spam Analyst at Kaspersky.

In view of these attacks, Kaspersky recommends organisations to: 

  • Verify the sender: Always check the domain name and contact details. If in doubt, reach out to the company directly through official channels.
  • Be wary of deposits: Legitimate corporations do not ask for upfront payments to register as a supplier..
  • Scrutinise documents: Look for inconsistencies in logos, language, and formatting. Subtle errors can be signs of forgery.
  • Educate employees: Train procurement and finance teams to recognise common scam tactics. Solutions like Kaspersky Automated Security Awareness Platform offer online training that builds cybersecurity awareness.
  • Use advanced security solutions: Deploy email security tools, such as Kaspersky Secure Mail Gateway that detect suspicious patterns and block fraudulent emails before they reach inboxes.
  • For enterprises that often have their names exploited by cybercriminals, brand monitoring provides early detection and takedown of phishing sites, fake profiles, and malicious apps.